Switch to dedicated user

conf/php-fpm.conf

@@ -20,8 +20,8 @@
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
-user = www-data
+user = __USER__
-group = www-data
+group = __USER__
 
 ; The address on which to accept FastCGI requests.
 ; Valid syntaxes are:

scripts/install

@@ -82,6 +82,14 @@ ynh_print_info "Configuring nginx web server..."
 # Create a dedicated nginx config
 ynh_add_nginx_config
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_print_info "Configuring system user..."
+
+# Create a system user
+ynh_system_user_create $app
+
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -98,10 +106,10 @@ ynh_add_fpm_config
 ynh_print_info "Creating statedir and final_logpath..."
 
 mkdir -p $statedir
-chown -R www-data:www-data $statedir
+chown -R $app: $statedir
 
 mkdir -p $final_logpath
-chown -R www-data:www-data $final_logpath
+chown -R $app: $final_logpath
 
 #=================================================
 # MODIFY A CONFIG FILE
@@ -201,7 +209,7 @@ ln -s /usr/share/awl/inc/XML* /var/www/$app/include/
 #=================================================
 
 # Set permissions to app files
-chown -R www-data: $final_path
+chown -R $app: $final_path
 
 #=================================================
 # SETUP LOGROTATE

scripts/restore

@@ -54,15 +54,29 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
 ynh_print_info "Restoring the app main directory..."
 
 ynh_restore_file "$final_path"
-chown -R www-data: $final_path
 
 # Restore statedir
 ynh_restore_file "$statedir"
-chown -R www-data:www-data $statedir
 
 # Restore logs, data & permissions
 ynh_restore_file "$final_logpath"
-chown -R www-data:www-data $final_logpath
+
+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_print_info "Recreating the dedicated system user..."
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create $app
+
+#=================================================
+# RESTORE USER RIGHTS
+#=================================================
+
+# Restore permissions on app files
+chown -R $app: $final_path
+chown -R $app: $statedir
+chown -R $app: $final_logpath
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION

scripts/upgrade

@@ -46,16 +46,18 @@ if [ -z "$statedir" ];
 then
    statedir="/home/yunohost.app/$app"
    ynh_app_setting_set "$app" statedir "$statedir"
+   mkdir -p $statedir
 else
-   echo "${statedir} exists, we don't create it."
+   ynh_print_info "${statedir} exists, we don't create it."
 fi
 
 if [ -z "$final_logpath" ];
 then
    final_logpath="/var/log/$app"
    ynh_app_setting_set "$app" final_logpath "$final_logpath"
+   mkdir -p $final_logpath
 else
-   echo "${final_logpath} exists, we don't create it."
+   ynh_print_info "${final_logpath} exists, we don't create it."
 fi
 
 #=================================================
@@ -100,6 +102,14 @@ ynh_print_info "Upgrading dependencies..."
 
 ynh_install_app_dependencies $pkg_dependencies
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_print_info "Making sure dedicated system user exists..."
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create $app
+
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -216,7 +226,10 @@ ynh_use_logrotate --non-append
 #=================================================
 
 # Set permissions on app files
-chown -R www-data: $final_path
+chown -R $app: $final_path
+
+chown -R $app: $statedir
+chown -R $app: $final_logpath
 
 #=================================================
 # SETUP SSOWAT